No. The webmail is in fact just an IMAP client. The only way would be to disable access to IMAP port for everyone but the ip of webmail.
Maybe there is a way to disable it on per user basis, with exeption of webmail but I didnt hear about it. It is something we are thining about looking into (global 2FA for all services) but at the moment we want to focus on other things such us mailbox encryption, xmpp webclient improvements, hubzilla public launch.
Cant give any ETA at this point, but probbaly we will put it on the roadmap for next year.